CVE-2022-22982
https://notcve.org/view.php?id=CVE-2022-22982
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. El servidor vCenter contiene una vulnerabilidad de tipo server-side request forgery (SSRF). Un actor malicioso con acceso de red a 443 en el vCenter Server puede explotar este problema al acceder a una petición de URL fuera del vCenter Server o accediendo a un servicio interno • https://www.vmware.com/security/advisories/VMSA-2022-0018.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-22972
https://notcve.org/view.php?id=CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de omisión de autenticación que afecta a usuarios del dominio local. Un actor malicioso con acceso de red a la interfaz de usuario puede obtener acceso administrativo sin necesidad de autenticarse • https://github.com/horizon3ai/CVE-2022-22972 https://github.com/bengisugun/CVE-2022-22972- https://github.com/Dghpi9/CVE-2022-22972 https://www.vmware.com/security/advisories/VMSA-2022-0014.html •
CVE-2022-22958
https://notcve.org/view.php?id=CVE-2022-22958
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen dos vulnerabilidades de ejecución de código remota (CVE-2022-22957 y CVE-2022-22958). Un actor malicioso con acceso administrativo puede desencadenar la deserialización de datos no confiables mediante un URI JDBC malicioso que puede resultar en una ejecución de código remota • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-502: Deserialization of Untrusted Data •
CVE-2022-22961
https://notcve.org/view.php?id=CVE-2022-22961
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. A malicious actor with remote access may leak the hostname of the target system. Successful exploitation of this issue can lead to targeting victims. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de divulgación de información debido a una devolución de información excesiva. Un actor malicioso con acceso remoto puede filtrar el nombre de host del sistema de destino. • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-22959
https://notcve.org/view.php?id=CVE-2022-22959
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malicious actor can trick a user through a cross site request forgery to unintentionally validate a malicious JDBC URI. VMware Workspace ONE Access, Identity Manager y vRealize Automation contienen una vulnerabilidad de tipo cross site request forgery. Un actor malicioso puede engañar a un usuario mediante un ataque de tipo cross site request forgery para que compruebe involuntariamente un URI JDBC malicioso • https://www.vmware.com/security/advisories/VMSA-2022-0011.html • CWE-352: Cross-Site Request Forgery (CSRF) •